With effect from July 1, 2014, South Korea joined the Hague International Design System which allows for the protection of designs in several countries through the filing of a single application with the World’s Intellectual Property Organization (WIPO).
South Korea is the 62nd member to enter into the Hague Agreement for the International Registration of Industrial Designs.
This system offers significant opportunities for efficiency gains and allows the filing of up to 100 different designs per application. It also simplifies the recording of changes in, and renewals of, protected industrial designs.
Only contracting parties can benefit from the system. Non-member States such as the United States and Japan still require the filing of applications at a national level.
However, more and more countries are currently filing for membership, which is good news for companies. Similarly to international trademarks, it is recommended to take advantage of the benefits offered by international designs.
Following the media coverage of its discovery in early April, the so-called Heartbleed flaw has been extensively written about. A major flaw, if any, Heartbleed is actually a coding error in the OpenSSL encryption software. The websites using OpenSSL are, or were for a few days, highly vulnerable to theft of data. Overwhelming for some, frightening for others, the flaw must be taken seriously in any event. The Heartbleed situation in four questions.
What is Heartbleed?
Heartbleed is neither a malware nor a virus. It is a flaw in the implementation of the OpenSSL security protocol. The latter is used to secure communication between two computers while protecting their identities. Heartbleed allows any internet user to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. It compromises the secret keys used to identify the service providers and to encrypt traffic as well as the names and passwords of users. It also allows hackers to eavesdrop on communications and to steal data directly from the servers.
The flaw of the OpenSSL lies in this tiny line of code:
memcpy (bp, pl, payload):
Mempcy is a command that copies data by overwriting previously copied data. But, with Heartbleed, the data is stored in the system as information to be overwritten, but it is not, and the flaw allows for this data to be stolen.
How significant is the flaw?
Heartbleed allows a maximum 64 Kb of data to be retrieved, which may seem to be an insignificant amount. However, this represents a significant amount of information in plain text (64,000 characters!). Together, data retrieved from all servers represent a colossal amount of information. In addition, “the number of attacks from hackers is unlimited” as stated by Fox-IT, a company specialised in IT security.
The identity of the hackers may be equally important. Thus, a few days after the discovery of the flaw, the National Security Agency (NSA) was accused of having exploited this flaw for almost two years to collect the maximum amount of data on Internet users. While the Edward Snowden commotion had started to settle, these accusations did not bode well for the U.S. agency.
Has the flaw been fixed?
The OpenSSL protocol was developed as open software. This allows its users to modify the source code, and to deal with flaws of this magnitude. For April, an organisation for the promotion of open software, the open nature of the code has “substantially lowered the impact of this flaw.” OpenSSL has been updated but this still does not solve all the problems, as the update must be installed on all vulnerable servers.
The most popular websites had already installed this update of the protocol before the media started reporting on the flaw. The servers are therefore no longer vulnerable to this flaw.
Nonetheless, mistakes can happen swiftly. Akamai Technologies, which manages almost 30 % of global traffic on its 147,000 servers, learnt it the hard way. For over 10 years, Akamai has been using a modified version of OpenSSL which provided “better security” against the Heartbleed flaw according to the Chief Technology Officer of the company. However, an independent researcher found “a code full of bugs and non-functional” in the patch provided by Akamai to its clients. The researcher believes that the update does not offer adequate protection against Heartbleed. This is particularly worrying given that Akamai’s clients are major banks, media groups and companies specialising in e-commerce.
However it is possible that other flaws will be revealed. Indeed, OpenSSL is crucial for websites that use it; however this project is far from being sustainable. Its developers are “desperately short of funds” according to the Research Manager of Sophos. The Wall Street Journal says that only four developers work on this project, only one of them on a full time basis.
What should users do?
For users, two steps are crucial to prevent personal information from being stolen. Firstly, it is essential to ensure that websites they use have updated their version of OpenSSL. This is already the case for most websites, including social networks and banks’, but checking is still important.
The second step is to change your passwords. This change must be put into practice after the OpenSSL has been updated, otherwise hackers may retrieve the new password.
Last but not least, in order to ensure protection of one’s information on the Internet, one should have different passwords. This is commonly known advice but unfortunately it not applied frequently enough. Yet, it is essential. Thus a unique and hard to guess password is good practice for sensitive websites such as banks’ websites. Passwords that are too simple such as “password” or “123456” are obviously prohibited, on any website.
On 10th December 2013, the Hague Court of Appeal has adopted a severe stance in relation to the evidence of trade mark use and of the defendants’ bad faith (200.110.341/01). As such, the company Promodyne manufactured cigarettes under the mark Maba, which was then exported to Asia by the company Zhu. Furthermore, the company Great Blue Sky International has filed a Community trade mark application for the mark Maba. Some months later, the company Zhu filed a trademark application for the same mark in Benelux. In response to the opposition made by Great Blue Sky International and Promodyne, the company Zhu claimed for the latters’ bad faith.
In order to prove bad faith, the Hague Court of Appeal requested the company Zhu to demonstrate that it was using the mark Maba in at least one of the countries of the European Union before the defendants filed a Community trade mark application. In other words, the company Zhu had to provide proof of prior rights in the European Union. The latter declared having used the mark for export purposes as per Article 15 (1) (b) of the Regulation No. 207/2009 on Community trademark.
However, the Hague Court of Appeal did not consider this point. It deliberated that the use of the trademark in the framework of exportation of the products outside the European Union constituted a use of trademark only if it is contrary to one of the functions of the mark. It is what has been retained in this case when specifying that although the products are meant for exportation, there is a risk that they reach the European market through the initiative of the owner or third parties. Moreover, as the products are directly sent to Asia, it seems difficult for the company Zhu to prove any sufficient prior use of the mark on the European market.
One can speculate on the solution of the Hague Court of Appeal if the company Zhu would have succeeded in providing evidence of sufficient prior use of the trademark. Would it have retained the defendants’ bad faith? In assuming that an appeal is requested before the Court of Justice of the European Union, it is not sure that it would follow the same reasoning as the Hague Court of Appeal.
On January 22, 2014, the U.S. District Court for the Northern District of California ruled on whether a takedown notice submitted to Facebook was in violation of the Digital Millennium Copyright Act (DMCA), a US statute enacted in 1998 to combat copyright violations.
CrossFit created a fitness training program and owns the trademark CROSSFIT. Jenni Alvies, without CrossFit’s consent, set up a blog “crossfitmamas.blogspot.com” and a Facebook page “CrossFit Mamas” on which workout routines and personal comments were posted. In addition, Alvies sold various products through her blog and was remunerated through Google AdWords ads.
After several exchanges, CrossFit sent a takedown notice to Facebook requesting the removal of the contents published on Alvies’ page on the grounds of a violation of the DMCA.
CrossFit eventually decided to sue Alvies before the Courts for trademark infringement. In response, Alvies argued that the DMCA only covers copyright infringements. Thus, by relying on the infringement of its trademark rights, CrossFit submitted an erroneous takedown notice to Facebook. CrossFit, on the other hand, argued that Facebook offers the option to submit notices based on either copyrights or trademark rights.
The District Court rejected CrossFit’s argument. Even though CrossFit did convince Facebook to remove Alvies’ page, the Court did not take this into consideration and highlighted the copyright violation by CrossFit. Besides, the Court found that Alvies, who received income through her Facebook page, would have suffered unreasonable damage due to the unlawful removal of the contents of her page.
Right owners must thus remain vigilant with regards to the wording of, and legal basis used in, takedown notices, to make sure they are not rejected.
The French Consumer Act, aka the Hamon Law (Act N˚ 2014-344 of March 17, 2014), will enter into force on June 13, 2014. It incorporates the provisions of the EU Directive on Consumer Rights of 2011 (Directive 2011/83/EU of October 25, 2011) which promotes e-commerce in the EU at national and cross-border level.
In order to comply with EU rules on consumer protection, e-merchants will need to provide more detailed information to consumers. This information obligation includes information on the obligation to pay, return costs, procedures to exercise the consumer’s withdrawal right and accepted modes of payment.
In the same vein, the Hamon law will bring in line with EU law the withdrawal and refund periods, which will be 14 days instead of 7 and the delivery period within the EU, which will be 30 days. The consumer will also have 30 days to make a request for cancellation of the sale based on non-delivery. Moreover, the Consumer Act prohibits contractual provisions which transfer the liability associated with the transport risk to the consumer.
Furthermore, the consumer’s consent will have to be obtained by opt-in; the consumer will compulsorily have to tick the boxes to notify his consent.
With regards to the protection of e-merchants, new exceptions to the withdrawal right will be established, mostly for hygiene purposes. E-merchants will also be able to hold consumers liable if the returned product has been overused. Finally, the e-merchants will not be held liable in case of loss or damage of products upon delivery, provided that the consumer chose his carrier. What are the required updates for e-merchants?
Amending general terms and conditions of sale in order to incorporate the changes in time limits and the new rules;
Training and educating employees and partners on the new procedures, particularly on returns and refunds;
Adjusting the order process to be in line with the new rules;
Sending order confirmations containing all the required information on a durable medium which the consumer can store;
Modifying the order button so it shows clearly the obligation to pay.
These measures form part of the EU’s fight for consumer protection. These measures are not limited to the regulation of e-commerce; they also provide for amendments in relation to litigation, with the introduction of class actions “à la française”.
Used as a marketing tool by economic operators, slogans are not only exploited in the real world but also in the digital world.
Protecting slogans over the Internet includes fighting against the use of third-party registered slogans in domain names. UDRP decisions show that assessing the likelihood of confusion in relation to slogans is similar to assessing such likelihood in relation to trademarks generally.
If a slogan has been registered as a trademark, the Panel will compare it with the domain name. On the other hand, if the slogan has not been registered as a trademark, then the existence of rights of a non-registered trademark (Common law rights) should be established. The applicant should establish an active use of the slogan, having created a link in the mind of the public between the slogan and its goods and services (D2005-0649 Ice House America, LLC v. Ice Igloo, Inc ; <icehouseamerica.com> and <icehouseamerica.net>). It should be established in concreto at the time of registration of the disputed domain name (D2002-1117 Arthur Guinness Son & Co. Limited, Guinness Anchor Berhad v. Josh.com.my a.k.a. Josh Lim ).
Sometimes domain names reproduce slogans in their entirety. Thus, the domain name <foreversport.com> was found to be similar to the slogan “FOREVER SPORT” by Adidas (D2000-1148 Adidas International B.V. v. Kadana Holdings Pty Ltd).
Domain names may also reproduce only part of the relevant trademark, which is also the slogan of the complainant. This has been the case for the domain name <morgandetoi.mobi> where the complainant was the holder of a complex trademark that included the slogan “Morgan de Toi” (D2012-2117, C.C.V. Beaumanoir v. Zhihao Zheng).
A likelihood of confusion may also be established where only part of the slogan is reproduced in the domain name, provided that the distinctive components of the slogan are used. Thus a shoe manufacturer holding the trademark “Think!” and using the slogan “Shoes by Think” successfully obtained the transfer of the domain name <think-shoes.net> (D2007-1007 Marko Schuhfabrik GmbH v. Mercom Group).
Domain names may also reproduce the slogan in a slightly different manner without excluding the risk of confusion. In the case concerning the domain name <thisisadamking.com>, the Panel found that the complainant had non-registered trademark rights on its slogan “Who is Adam King” and that the replacement of “Who” by “This” did not exclude the risk of confusion since, on the contrary, “This” could be viewed as an answer to the question asked by the slogan (D2002-1117 Arthur Guinness Son & Co. Limited , Guinness Anchor Berhad c/ Josh.com.my a.k.a. Josh Lim).
Domain names may also reproduce the slogan in combination with other terms. For instance, if a domain name reproduces the trademark of the complainant and adds it to its own slogan, the likelihood of confusion is even greater (D2010-2126, Akbank Turk A.S.c/. Axess Yeterbana <axessyeterbana.com> – trademark Axess + slogan “Yeter bana”).
However, where a domain name includes a slogan associated with a negative term, the likelihood of confusion does not necessary arise. The Panels’ opinions are divided with regards to domain names containing pejorative terms. Some refuse to recognize the existence of a likelihood of confusion in this case whilst others recognize it: it all depends on how one interprets the freedom of expression. Fighting against such domain names can therefore prove to be very difficult.
In this context, it is worth noting the decision regarding the domain names <mma-prejudice-moral-economique.com> and <mma-zero-tracas-publicite.com> rendered in favor of the insurer MMA in a way that was particularly favorable to rights holders (D2012-2136 MMA IARD c/ Eric François). The Panel noted a potentially confusing similarity on the grounds that, if had he found otherwise, this would “prevent right-owners from fighting many cases of cybersquatting”.
Finally, beyond the likelihood of confusion, the protection of slogans over the Internet also aims to prevent the exploitation of slogans by non-authorized third parties. It may include e.g. fighting against a misappropriation of the slogan on a third party’s website. The case D2004-0249 SEC SNC against Manakel Communication concerning the domain names <baton-de-berger.com> and <batondeberger.com> covered these two aspects. The domain names were identical to the complainant’s trademarks and were redirected to a pornographic website which displayed the slogan “There is no time for sucking it”, which is a misappropriation of the complainant’s slogan “There is no time for eating it.” The Panel based itself on the reproduction of the complainant’s trademarks to establish the likelihood of confusion and on the unjustified exploitation of the complainant’s slogan to establish the bad faith of the registrant.
Caution should therefore be exercised when acting against a domain name comprised of a slogan.
On February 5, 2014, the District Court of California ruled on a Legal Rights’ Objection (LRO) regarding the <.delmonte> gTLD (generic Top-Level Domain). The LRO was a protection awarded to trademark holders in ICANN’s New gTLD Program from June 2012 to March 2013. Trademark owners could file objections to new gTLD applications before the World Intellectual Property Organization (WIPO) to challenge the depositor’s rights to the gTLD.
Here, the court addressed a request to challenge a decision made by WIPO on the <.delmonte> in July 2013. The case involved two companies named Del Monte, a Delaware entity and its licensee, a Swiss company. The Swiss entity applied for the <.delmonte> gTLD as a license holder of the “DEL MONTE” trademark. However, the application was successfully contested by the Delaware entity by a LRO. In response, the Swiss company sued in US Federal Court to obtain the rights to the gTLD at issue and the Delaware company to give up its LRO.
The Swiss entity based its complaint on both the Anti-cybersquatting Consumer Protection Act (ACPA) and “reverse domain name hijacking”. Both of these claims involve domain names. The main question here is whether the claims can also apply to new gTLD applications.
Such a requirement begs the question of the new generic top-level domain’s registration. The court therefore questioned whether ICANN could be considered as a domain name registration authority. Texts and Case law diverge on the matter. In this case, ICANN was considered “much like a traditional domain name registrar” but the court’s analysis remained inconclusive for the new gTLDs.
It then turned to the registration and use of the new generic top-level domain. The court said that the <.delmonte> gTLD was never properly registered. Therefore, the ACPA’s requirement of “registration, trafficking or use” to constitute cybersquatting could not be asserted. As a result, the Delaware entity maintained the right it acquired with the LRO to the <.delmonte> gTLD.
This decision also highlights the fact that the ACPA was not written to take into account the new gTLDs. A reform of the Act should be considered to adapt it to ICANN’s new top-level domains.
The Office of Community Trademarks – OHIM and some national Offices published, in January of this year, a common communication on black and white trademarks.
What does it say? What are the implications in practice?
A trademark in black and white will be treated as identical to a sign in colour if the difference between the two is so insignificant as to be unnoticed by the average consumer. Thus, if only a reasonably observant consumer will see a significant difference when comparing the two trademarks, then the difference will be treated as insignificant.
The distinctive character of a trademark registered in black and white will not be changed by a change in colour provided that:
o The figurative elements are the same and remain as the main distinctive elements;
o The contrast of shades is respected;
o The colour or combination of colours does not have distinctive character in itself;
o The colour is not one of the main contributors to the overall distinctiveness of the trademark.
If an opposition is filed, signs will only be deemed identical if the difference of colour is insignificant, i.e. hardly noticeable to the average consumer. Even if the signs are not identical, they may be considered as similar and a likelihood of confusion may be found to exist.
For a priority claim, a trademark registered in black and white will not be treated as identical to the same trademark in colour, unless the difference in colour is insignificant.
In addition, there is regrettably some divergence with regards to the implementation date of this new common practice between OHIM (June 2, 2014) and the various participating national offices (e.g. July 15, 2014 for the UKIPO). Further, the different offices have not decided if this new practice applies to pending applications or only to those filed after the implementation date; but also whether it applies to pending proceedings or only to those initiated after the implementation date.
Finally, it remains advisable, based on the specifics of each case and with regards to the new common practice, that trademark owners register their trademarks in both black and white and colour, particularly when colour is a distinctive element of the trademark.
On February 13, 2004, the European Court of Justice intervened on the notion of disclosure of designs (C-479/12). In order to acquire protection for a design, that design must be a new one and must have an individual character compared with all the designs which have gone before. These designs have to have been made available to the public, that is, they must have been published following registration or otherwise, or exhibited, used in trade or otherwise disclosed “except where these events could not reasonably have become known in the normal course of business to the circles specialised in the sector concerned, operating within the Community” (article 7 regulation n°6/2002). The European Court of Justice has set out the contours of this exception.
Firstly, the concept of «specialised circles» has to be understood broadly. It does not only concern the persons who are involved in the creation of designs. Indeed, the Court also takes into consideration the disclosure to traders. However, this point remains unclear as it is considered to be a question of fact that must be solved by the national courts.
In addition, the Court considers that the events constituting disclosure must not necessarily have taken place within the European Union. Similarly, disclosure in a single undertaking in the sector concerned in the European Union is sufficient. However, the Court adds once again that it is a question of fact left to the national court.
Finally, the Court states that it is the person who is seeking to assert his or her rights who bears the burden of proof in demonstrating copying. It seems difficult for the rightholder to come up with this proof and therefore the national courts must counter that difficulty by lightening the onus of proof. Claims for compensation, destruction of infringing products and injunctions against the infringer must also be governed by national law.
If the decision of the European Court of Justice clarifies the notion of disclosure relating to designs, many elements must be determined by the national law. Therefore, we may fear an absence of harmonization in the national regulations and the practical difficulties.
On April 10, 2014, the Examiners of National Arbitration Forum rendered their first decision on a domain name carrying the gTLD .uno. They also took the opportunity to strictly remind the manner in which a trademark right should be established.
In the present case, the domain name <aeropostale.uno> had been reserved. However, the Aeropostale trademark was registered with the Trademark Clearinghouse (TMCH), a declaration-based database that allows trademark owners and registrants of a domain name carrying a new gTLD to be notified in cases of cybersquatting of the trademark.
This was the case here but the registrant clearly ignored the TMCH notification. On March 26, the company Aeropostale therefore filed an URS (Uniform Rapid Suspension) complaint with the NAF requesting the suspension of the disputed domain name.
The decision of the Examiner was swift. In one paragraph, he reminded that the first condition to obtain an order of suspension is to establish that the domain name is identical or confusingly similar to a trademark on which the complainant has a right. In the present case, however, whilst there are several Aeropostale trademarks, none of them bears the name of the company that filed the URS complaint.
Additionally, the complainant failed to show any relationship with the companies owning the Aeropostale trademarks. The Examiner could not logically consider that the first condition for URS complaints was met. He therefore did not bother to see whether the other conditions were met.
Thus, the Examiner ordered that the domain name remain to the respondent.
At first glance, this decision might seem surprising since it is clear that the Aeropostale trademark was identically reproduced in the domain name. Yet it is fully in line with previous decisions and the principles that govern the URS and URDP proceedings. To exercise these rights, it is not sufficient to establish the existence of trademarks; but one should be the owner thereof.
Dreyfus law firm specializes in domain name cybersquatting cases and can assist you in better managing your conflicts on the Internet. Please do not hesitate to contact us for any further queries.
Our site uses cookies to offer you the best service and to produce statistics, and measure the website's audience. You can change your preferences at any time by clicking on the "Customise my choices" section.
When browsing the Website, Internet users leave digital traces. This information is collected by a connection indicator called "cookie".
Dreyfus uses cookies for statistical analysis purposes to offer you the best experience on its Website.
In compliance with the applicable regulations and with your prior consent, Dreyfus may collect information relating to your terminal or the networks from which you access the Website.
The cookies associated with our Website are intended to store only information relating to your navigation on the Website. This information can be directly read or modified during your subsequent visits and searches on the Website.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Dreyfus is concerned about protecting your privacy and the Personal Data ("Data"; "Personal Data") it collects and processes for you.
Hence, Dreyfus complies every day with the European Union legislation regarding Data protection and particularly the European General Data Protection Regulation Number 2016/679 of 27 April 2016 (GDPR).
This Privacy Policy is aimed at informing you clearly and comprehensively about how Dreyfus, as Data Controller, collects and uses your Personal Data. In addition, the purpose of this Policy is to inform you about the means at your disposal to control this use and exercise your rights related to the said processing, collection and use of your Personal Data.
This Privacy Policy describes how Dreyfus collects and processes your Personal Data. The collection happens when you visit our Website, when you exchange with Dreyfus by e-mail or post, when exercising our Intellectual Property Attorney and representative roles, when we interact with our clients and fellow practitioners, or on any other occasion when you provide your Personal Data to Dreyfus, in particular when you register for our professional events.
With effect from July 1, 2014, South Korea joined the Hague International Design System which allows for the protection of designs in several countries through the filing of a single application with the World’s Intellectual Property Organization (WIPO).
